VCampus-METCO

Coresight 2014 Authentication

Discussion created by VCampus-METCO on Oct 15, 2014
Latest reply on Oct 16, 2014 by VCampus-METCO

I have installed coresight 2014 on a standalone VM running 3008 R2 OS. The server is .part of a test domain environment.

 

The coresight app pools run under a domain service account. That account is trusted for delegation in AD, and I have setspn's for the account on the coresight server machine based on hostname and FQDN for HTTP.

 

Coresight is installed on a new site that I created, on port 8080. The site itself has anonymous authentication enabled, and the coresight application beneath that has only windows authentication enabled, with enable kernel-mode athentication check box turned off under advanced settings and Negotiate being the top most provider.

 

I have added users to the coresightusers group and coresigth admins group.

 

I can logon to the coresight server under a domain account which belongs to the coresight users group locally using the URL http://localhost:8080/coresight. This does not prompt for a username/password.I can see in Network Connections on the PI Server that the w3wp.exe process is logged in using a mapping with my domain account and coresight service account shown.

 

If I try the same thing from a separate test client PC on the same test domain using the URL  http://PI-IIS:8080/coresight or  http://PI-IIS.PIDemo.local:8080/coresight.  I am prompted for a username/password and no matter what I enter it will not give me access. Even though I am logged onto the test client PC with the same account that I am using on the coresight server directly. I am using IE 11 with windows authentication enabled in the browser,

 

I have checked windows firewall and made sure that port 80 and 443 are allowed on the coresight server.

 

Does anyone have any ideas as to why coresight does not work from my client.

 

 

Outcomes